Hello and welcome back to I C D. One interconnecting Cisco Networking devices Part one This episode 812 CIS log.
I trained there on every structure for this course in the last video. We know the lesson 8.1 overview.
There's some pre assessment questions as well.
There's some sort of recovering the cyst log protocol on how how to implement it on a Cisco networking device.
We're learning objectives. We're gonna look at the different tighter the logging messages. We're gonna look at the how the device uses them.
We're gonna look at the format of these messages in the severity levels to find in the R. C.
And finally, we're gonna configure the router to use a cyst log server that is on network.
So a critical event is listed as what severity give you a few seconds to see if you figure it out. If you do a quick Google search on it on sis, log for the severity levels you should build figured out.
All right, it is severity level to you guys got there
ours along Constance, the I mean you. Hopefully if you've been configuring stuff along with me to so Of course, you should have seen them by now. Every time you
put you know, you put a shutdown command on interface or something like that, you'll see that line protocol up my protocol down. Stuff like that.
so, by default, we had the logging consul command enabled on the switches and routers, meaning that when you're logged into counsel, you see all these messages.
You do not see these messages, though if you're logged into estate, you tell net you actually need to enable the logging monitor command and then you'll have to Once you get logged in your issue, the terminal monitor command and then you can start seeing these messages.
Now. Another way you can do it is if you want to look at these messages later. But there's a few options you can have the logging buffered command enabled, which basically tells the IOS just to store the messages and ram give you them later using the show Logging
And lastly, we have the most using enterprises is the cyst log protocol.
This goes over you to peep 514 Beware if you see traffic on TCP ports 514 Sometimes that is used by a worm that is much is
S O N. The global conflict will do logging. And then the i p address for the, uh,
for the, um, server.
So go ahead and get into the log messages here. There's one that you should have seen by now in the picture there. I just ran a shutdown command on an interface. You know, we have the
time stamp, and then we have the facility that generated a message, so that would be the link or line proto. We have the severity of message, which is five in this case.
And then we have the kind of, like, the shorthand of the message which has changed or up down in this case is and then we have the complete message on there as well. Interface festive There is there. Is there a change? States administratively down line protocol has changed it down. Something like that.
So if you don't like Timestamps, um,
maybe you notice that your time stamps are set to a time protocol
and you're just doing it so loud you can set this to you sequence numbers instead of time. Stand position. That's how you want to use it. You just do the no service time stamps in global configured and service sequence numbers,
and you'll start seeing the sequence numbers instead of time stamps there.
So we look at the ah severity levels. If you already googled it, you should have seen these for the R. C. Zero is your emergencies. One is alert. These air like the two critical,
um, kind of drop everything. Go figure out what's going on.
You know what these words into a device to is critical. Three error.
Um, four. Warning five is like a notification. It's, you know, just saying, OK, we're a normal operation, but, hey, this happened, you know, just so you know,
it's just a notification.
So, as always, you want to be where the critical Zahra's and warnings as well you just want to be able to investigate. And it's not a work stoppage necessarily. But you want to be able to notice when that happens so you could be like you can. You should know the general operative condition of your devices so you could look in there and say, OK, is this normal?
Informational is your six and debugging at seven. This on Lee is going to appear if you have a d bucking command input on the counter on the device.
So if you look in the top right there on the chart, we have the different ways that you enable the log in different law conversions we ever consuls monitors buffered and hosts, remember?
how you set the severity level, you'll just said it at all of them will just be tacked onto the end,
repented to the end except for the systolic. So you actually to set a logging trap level?
Um, we won't get what that is. Just No. So you do it. So we're gonna go through. I'm gonna look at configuring,
uh, the device for cece log.
We're gonna set the buffered logging to severity three.
So the council severity to seven so we can see everything,
and we're gonna enable the monitor for a cessation tellme its severity five.
So I am going to go ahead and bring up the party session here.
All right, let's take a look here.
It's going to configure terminal. I'm gonna do the underside of the cyst, locks over first
so you can log all the messages and I currently have it set on 80 has set up a new computer
for this with a kiwi sis log server is one that is free through solar wins.
We're gonna do the logging trip.
as a way of logging truck three. Let's go in and
enabled the logging buffered
and weaken so weak here, we can use the We can use the number of the severity level where we could actually use the word. And it's nice enough to tell us what the actual severity is.
Uh, so we're just gonna do number three for errors
and we will enable the council to logging seven
And let's set the monitor to notification, which is what
where we can do notifications.
I'm just gonna go in and showed an interface down
and we'll see what shows up in each one.
I'm gonna give this a second toe work. I'm actually gonna bring out my sister log server here.
You see if we're getting our messages.
Remember, the CIS log was set to
so they're not coming into the cyst like server.
What? They're showing up in our
council session because of the logging Council seven we This is five. This is five.
So let's take a look in buffer to see what
All right, so we have nothing in our law. Go free, X. We have the severity set through three. So let's see if we can get one toe. Go off here.
No need to be. Oh, no shunts.
All right, So if you notice we have a
already little three here now, so we do a show
we should have a dog mow for now.
facility Severity level,
The short and messaging and a full description.
Someone asked why it's not time to server here.
So it could be because we disabled the interface for Fassi tonight, which is the landside interface. So if we go to configure Terminal, I'm gonna disable and enable the serial interface.
So that way we can actually see it pop up in the cyst log server,
someone to shut down no shots.
And if you get that same air three again, Okay, there it is. And it should be popping into the server.
Alright, there we go.
So we don't have so very little five sets. So it's gonna show there.
But we only have so very little three here on the server.
So it is a simple Is that Senate thesis? Look, it's pretty easy. Uh, Kiwi is a phenomenal, easy to use server.
That's the only thing I think I had to do was when you're going to set up server,
I had to change. U T should be
you dippy to 10 11 80 or the p that you're using.
Um, it was just installing for yet It's pretty easy to use.
All right, so we've got an excellent sobriquet. We looked at the log message formats we looked at how to enable it through your consultation here as stage session. We set it up on a cyst log server. We looked at all the different severity levels we looked at. You know how we set it on for number three on our sister log in our buffer? We said it for number five on our
s sensation. Tell nuts or our monitor sessions.
And then he said it for number seven on our council sessions.
We'll see if you come over here. What is the severity level for warnings. I'll give you a few seconds.
All right. It is number four
and the next steps of really look at the network time protocol.
As always, if you guys have questions, need help. Feel free to shoot a message. Otherwise, think for watching this episode, and I look forward to seeing you arrest him.